Security News > 2023 > February > GoAnywhere MFT zero-day vulnerability lets hackers breach servers

The developers of the GoAnywhere MFT file transfer solution are warning customers of zero-day remote code execution vulnerability on exposed administrator consoles.
GoAnywhere is a secure web file transfer solution that allows companies to securely transfer encrypted files with their partners while keeping detailed audit logs of who accessed the files.
"A Zero-Day Remote Code Injection exploit was identified in GoAnywhere MFT," warns the GoAnywhere security advisory.
On the file system where GoAnywhere MFT is installed, edit the file " /adminroot/WEB INF/web.
BleepingComputer has identified local governments, healthcare companies, banks, energy firms, financial services companies, museums, and computer part manufacturers utilizing the GoAnywhere file transfer solution.
Even a single breach leveraging GoAnywhere MFT's zero-day flaw could leak sensitive information that could be used for extortion.
News URL
Related news
- CentreStack RCE exploited as zero-day to breach file sharing servers (source)
- Hackers Exploit Paragon Partition Manager Driver Vulnerability in Ransomware Attacks (source)
- Rubrik rotates authentication keys after log server breach (source)
- Silk Typhoon hackers now target IT supply chains to breach networks (source)
- Apple Releases Patch for WebKit Zero-Day Vulnerability Exploited in Targeted Attacks (source)
- Chinese Hackers Breach Juniper Networks Routers With Custom Backdoors and Rootkits (source)
- Live Ransomware Demo: See How Hackers Breach Networks and Demand a Ransom (source)
- New Critical AMI BMC Vulnerability Enables Remote Server Takeover and Bricking (source)
- Oracle denies breach after hacker claims theft of 6 million data records (source)
- Chinese Hackers Breach Asian Telecom, Remain Undetected for Over 4 Years (source)